Author: abc
Date:
To: exim-users
Subject: [exim] exim allowed someone to slam my mail server for 3 hours
What happened here? I thought Exim is supposed to disconnect people if
they cause too many errors in their connection? Why did Exim allow the
one host to make 38,000 requests in 3 hours within just 1 connection?
Here's what I see in my logs:
2005-06-26 07:25:32 SMTP connection from [200.101.127.102] (TCP/IP connection count = 1)
2005-06-26 07:25:34 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:40 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:44 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
2005-06-26 07:25:46 H=(buzz) [200.101.127.102] F=<dwnj_meka_r_z_w@???> rejected RCPT <madeye@???>: host 200.101.127.102 is listed in brazil.blackholes.us
That message repeats thousands of times for 3 hours, then:
2005-06-26 10:36:28 SMTP syntax error in "SAIR" H=(buzz) [200.101.127.102] unrecognized command
2005-06-26 10:36:29 unexpected disconnection while reading SMTP command from (buzz) [200.101.127.102]
Isn't there a way to disconnect a host if they cause too many errors in
the SMTP dialogue?
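
Added example, not part of the original post: a Python sketch that scans Exim main-log text in the format quoted above and reports SMTP sessions that piled up rejected RCPT commands, with how long each session stayed open. The sample log is constructed (documentation IP addresses), the function name noisy_sessions and its threshold are hypothetical, and sessions are keyed by peer IP on the assumption that a host has one connection open at a time.

```python
import re
from datetime import datetime

# Constructed sample in the Exim main-log format quoted in the post (documentation IPs).
SAMPLE_LOG = """\
2005-06-26 07:25:32 SMTP connection from [192.0.2.10] (TCP/IP connection count = 1)
2005-06-26 07:25:34 H=(buzz) [192.0.2.10] F=<a@example.org> rejected RCPT <u1@example.com>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:40 H=(buzz) [192.0.2.10] F=<a@example.org> rejected RCPT <u2@example.com>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:25:44 H=(buzz) [192.0.2.10] F=<a@example.org> rejected RCPT <u3@example.com>: host 192.0.2.10 is listed in dnsbl.example
2005-06-26 07:26:00 SMTP connection from [198.51.100.7] (TCP/IP connection count = 2)
2005-06-26 07:26:02 H=(mx) [198.51.100.7] F=<b@example.org> rejected RCPT <u1@example.com>: relay not permitted
2005-06-26 07:26:03 unexpected disconnection while reading SMTP command from (mx) [198.51.100.7]
2005-06-26 10:36:29 unexpected disconnection while reading SMTP command from (buzz) [192.0.2.10]
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
CONNECT = re.compile(TS + r"SMTP connection from .*?\[([^\]]+)\]")
REJECT = re.compile(TS + r"H=.*?\[([^\]]+)\].*? rejected RCPT ")
CLOSE = re.compile(TS + r"unexpected disconnection .*\[([^\]]+)\]")

def noisy_sessions(log_text, max_rejects=100):
    """Return sessions (one per peer IP at a time) with more than max_rejects rejected RCPTs."""
    open_sessions, finished = {}, []
    for line in log_text.splitlines():
        for kind, rx in (("connect", CONNECT), ("reject", REJECT), ("close", CLOSE)):
            m = rx.match(line)
            if m:
                break
        else:
            continue  # not a line this sketch tracks
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if kind == "connect":
            if ip in open_sessions:  # previous session never logged a close
                finished.append(open_sessions.pop(ip))
            open_sessions[ip] = {"ip": ip, "start": when, "last": when, "rejects": 0}
            continue
        s = open_sessions.setdefault(ip, {"ip": ip, "start": when, "last": when, "rejects": 0})
        s["last"] = when
        if kind == "reject":
            s["rejects"] += 1
        else:
            finished.append(open_sessions.pop(ip))
    finished.extend(open_sessions.values())  # sessions still open at end of log
    return [dict(s, seconds=int((s["last"] - s["start"]).total_seconds()))
            for s in finished if s["rejects"] > max_rejects]

if __name__ == "__main__":
    print(noisy_sessions(SAMPLE_LOG, max_rejects=2))
```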